[Imc-tech] zip file death

[Clint Popetz]

On Fri, Apr 16, 2004 at 10:48:50AM -0500, Zachary C. Miller wrote:
> Today we were once again massively flooded with downloads of zip files
> that have been newly uploaded to our ucimc server. I put a directive
> into apache to block all requests for all files ending in .zip. There
> are currently no non-encrypted legitimate .zip files on the ucimc.org
> site so this doesn't really hurt anything. 
> 
> People can still upload .zip's they just can't download them. 
> 
> It'd be great if someone who knew dada and has admin access could go
> in and disable the ability to upload .zip's. 

Ok, I applied the following patch.  Note that it won't catch zips that
are really zips but are re-named something else...the mime-type for
zips in most browsers is too generic (application/octet-stream).

			-Clint


*** imc_classes/imc_Article.inc Fri Apr 16 11:44:58 2004
--- imc_classes/imc_Article.inc	Fri Apr 16 11:42:46 2004
*************** class Article extends Object {
*** 980,983 ****
--- 980,992 ----
  				// add media types of uploaded files
  				if (isset($_FILES['userfile']) && isset($_FILES['userfile']['type'])) {
+ 
+ 					foreach($_FILES['userfile']['name'] as $name) {
+ 						if (preg_match('/.zip$/i',$name)) {
+ 						  echo ('<p class="nogood">'._('Sorry, uploads of zip files are disabled.').'</p>');
+ 							$this->edit();
+ 						  return false;
+ 						}
+ 					}
+ 
  					foreach($_FILES['userfile']['type'] as $value) {
  						// MIME-types can have optional parameters after the type/subtype,